We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
As (in)secure as WHM/cPanel?
As a SaaS running PHP websites only, I found cPanel to be too bloated. We offer no DNS, mail or even client access to files or databases, but only the websites.
What I liked about cPanel was that I was guided through good security practice, for example through the Security Advisor.
How can I secure my PHP websites as well as possible? Also, how can I make the server itself more secure?
Or am I safe with a standard Vesta installation?
I use nginx + PHP-FPM on Debian 9. I run each website under a separate user.
Re: As (in)secure as WHM/cPanel?
You can enable open_basedir, and you can disable functions.
But I think the best security is to keep your code updated and not use third-party software without maintenance, and you will run well.
You can have a secure server, but with some pirated plugin/theme on your sites you will be hacked anyway.
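Added example, not code from this thread or from VestaCP: a script that emits a PHP-FPM pool for one site with the two settings the reply names (open_basedir and disable_functions) set as php_admin_* values, plus the per-site Unix user and socket permissions that make the "each website on a separate user" setup actually isolate sites from each other. Assumed layout, adjust to yours: Debian 9 with PHP 7.0, site files under /home/<user>/web/<site>/public_html, nginx running as www-data.

```shell
#!/bin/sh
# Added example (not VestaCP's own code): emit a hardened PHP-FPM pool for one
# site so that a webshell dropped into that site is confined to the site's own
# user, its own directory tree (open_basedir) and a reduced PHP function set.
# Assumptions: Debian 9 / PHP 7.0 paths, /home/<user>/web/<site>/public_html,
# nginx running as www-data.
set -eu

# Functions a typical PHP site does not need but nearly every webshell calls.
DANGEROUS_FUNCS="exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,dl"

# gen_fpm_pool SITE USER : print the pool config to stdout
gen_fpm_pool() {
  site="$1"
  user="$2"
  root="/home/${user}/web/${site}/public_html"
  tmp="/home/${user}/tmp"
  cat <<EOF
[${site}]
; workers run as the site's own account, never as www-data or root
user = ${user}
group = ${user}
; unix socket instead of TCP: only nginx (www-data) can reach this pool
listen = /run/php/php7.0-fpm-${site}.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 10s
; php_admin_* values cannot be overridden by ini_set() or a .user.ini in the site
php_admin_value[open_basedir] = ${root}:${tmp}:/usr/share/php
php_admin_value[upload_tmp_dir] = ${tmp}
php_admin_value[session.save_path] = ${tmp}
php_admin_value[disable_functions] = ${DANGEROUS_FUNCS}
php_admin_flag[allow_url_include] = off
php_admin_flag[expose_php] = off
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /home/${user}/logs/php-${site}.log
EOF
}

# pool_is_hardened FILE : succeed only if the settings that matter most are present
pool_is_hardened() {
  grep -q '^php_admin_value\[open_basedir\]' "$1" &&
  grep -q '^php_admin_value\[disable_functions\]' "$1" &&
  grep -q '^listen.mode = 0660' "$1"
}

# Usage as root, then `systemctl reload php7.0-fpm`, and point the site's nginx
# fastcgi_pass at the socket named above:
#   gen_fpm_pool example.com example > /etc/php/7.0/fpm/pool.d/example.com.conf
if [ $# -eq 2 ]; then
  gen_fpm_pool "$1" "$2"
fi
```

The point of php_admin_value rather than php_value is that code running inside the site cannot relax the setting; open_basedir keeps file functions inside the site's tree and its tmp directory, and the 0660 socket owned by www-data means another site's user cannot talk to this pool at all.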
Re: As (in)secure as WHM/cPanel?
Those are some good points.
1. However, I was wondering: do I currently have better security with my cPanel-account websites than what I would get with similar VestaCP-account websites?
If so, what can I do to have similarly good security, or even better, with Vesta?
2. What ports should I have open when I want to host PHP + MySQL websites over HTTP and HTTPS, as well as being able to access the Vesta GUI and SSH? I will use Let's Encrypt to automatically sign certificates. And I will use PHP mail() to send emails. I guess neither PHP mail nor MySQL needs any external ports?
- TCP: 22, 80, 443, 8083?
(I do not need FTP, POP/SMTP/IMAP, webmail or DNS)
Re: As (in)secure as WHM/cPanel?
Security is not a product, but more of a process.
It's an ongoing thing, not just a one-time fix.
So, you cannot really measure 'security'.
Re: As (in)secure as WHM/cPanel?
Sure, but I'm wondering how to harden the websites/server in the initial setup.
1. PHP-FPM is more secure than other PHP handlers (?) - if one site/user home directory is compromised with some bad PHP file, the whole server is not at risk.
2. I should open only the necessary ports. What ports? See my last reply.
3. Should I install some malware scanner on the server? Fail2ban? Some other useful tools/modules to monitor/improve/fix security?
4. Should I disable root SSH?
Something else?
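Added example, not code from this thread or from VestaCP (Vesta has its own iptables management; this is the plain-iptables equivalent for the port list asked about above, TCP 22, 80, 443 and 8083, together with a check for the "disable root SSH" question). The generator writes an iptables-restore file with INPUT defaulting to DROP, loopback and established traffic allowed, and only the listed TCP ports opened. Nothing opens 3306 or 25: MySQL is only reached over loopback, and PHP mail() hands the message to the local MTA, whose outbound connections are covered by OUTPUT ACCEPT. A port given as PORT@CIDR is limited to that source network; 203.0.113.0/24 below is an assumed admin range used for illustration.

```shell
#!/bin/sh
# Added example (not VestaCP's own firewall code): generate an iptables-restore
# ruleset that exposes only the given TCP ports, and check sshd_config for
# root login and password authentication being off.
# Assumptions: Debian 9 with the conntrack match available; 203.0.113.0/24 is
# a made-up admin network, replace it with yours.
set -eu

# gen_firewall_rules PORT[@CIDR] ... : print an iptables-restore ruleset
gen_firewall_rules() {
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  # loopback: MySQL on 127.0.0.1:3306 and local mail submission stay reachable
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
  for spec in "$@"; do
    port="${spec%@*}"
    case "$spec" in
      *@*) printf '%s\n' "-A INPUT -p tcp -s ${spec#*@} --dport ${port} -m conntrack --ctstate NEW -j ACCEPT" ;;
      *)   printf '%s\n' "-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT" ;;
    esac
  done
  printf '%s\n' 'COMMIT'
}

# sshd_root_disabled FILE : succeed if the config denies root login and password auth.
# sshd honours the FIRST occurrence of a keyword, and Match blocks only follow
# the global section, so reading stops at the first "Match". Debian's default
# "prohibit-password" is deliberately not accepted here: the question is about
# turning root SSH off entirely.
sshd_root_disabled() {
  _root=$(awk 'tolower($1)=="match"{exit} tolower($1)=="permitrootlogin"&&!r{v=$2;r=1} END{print tolower(v)}' "$1")
  _pw=$(awk 'tolower($1)=="match"{exit} tolower($1)=="passwordauthentication"&&!p{w=$2;p=1} END{print tolower(w)}' "$1")
  [ "$_root" = "no" ] && [ "$_pw" = "no" ]
}

# Usage as root, with a second SSH session left open in case of lock-out:
#   gen_firewall_rules 22@203.0.113.0/24 80 443 8083@203.0.113.0/24 > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4
#   sshd_root_disabled /etc/ssh/sshd_config && echo "sshd: root login and password auth off"
if [ $# -gt 0 ]; then
  gen_firewall_rules "$@"
fi
```

Restricting 22 and 8083 to a known source range removes the panel login page and SSH from the reach of internet-wide scanners, which does more than any banner hiding; if that is not possible, leave them open and let fail2ban handle the brute-force attempts. The sshd check reads the first matching directive, because sshd keeps the first value it sees and ignores later duplicates, so a "PermitRootLogin no" added at the bottom of a config that already says "yes" higher up does nothing.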